1. Technical Field
This invention relates to a system and method for allowing an authorized third party to access encrypted electronic messages sent to or from a mobile device.
2. Background Information
Portable devices for sending and receiving messages, e.g. by email, are very popular. The Blackberry® range of devices, produced by the company Research In Motion, is one example.
Typically, when an email addressed to the user of such a portable device is received at a suitably-configured mail server, such as a mail server inside a corporate firewall at the user's place of employment, the email is encrypted and then forwarded over the wired Internet to a network operation center (NOC) operated by the email service provider. The NOC is in contact with the user's mobile device, and pushes the email to the device via a wireless telecoms network local to the user. The message is decrypted at the mobile device and displayed to the user.
When the user sends an email from the mobile device, it travels to the NOC and then on to the relevant mail server, which delivers it to the intended recipient.
Usually the messages are cryptographically encrypted at least while in transit between the NOC and the mobile device, thereby preventing any third party from being able to access the message content by intercepting or eavesdropping on the communication. In this way the privacy of the sender and recipient of the message can be protected. In a corporate setting, encryption is usually established between the corporate mail server and the mobile device.
However, there are circumstances in which it is desirable for an authorized third party, other than the sender, the recipient or the messaging service provider, to be able to decrypt the message. For example, a national law-enforcement or security body may, on occasion, wish to access messages in order to carry out its duties effectively; e.g. to intercept messages being sent or received by a known or suspected criminal in the country.
Such interception is not possible when the messages are sent or received strongly encrypted between a portable device, and an NOC or mail server which is located outside the jurisdiction of the relevant authority.
Although governments may request messaging service providers to provide access to encryption keys or decrypted messages, the service providers are typically either reluctant or unable to do so. For example, where end-to-end encryption is used between a corporate mail server and a portable device, a messaging service provider may not itself have access to the necessary decryption keys for accessing a decrypted message.
The present invention seeks to provide a mechanism that addresses these difficulties.